[PATCH v4 0/2] Security mitigation for Intel Gen7/7.5 HWs

From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
To: akeem.g.abodunrin@intel.com, intel-gfx@lists.freedesktop.org,
	dri-devel@lists.freedesktop.org, omer.aran@intel.com,
	pragyansri.pathi@intel.com, d.scott.phillips@intel.com,
	david.c.stewart@intel.com, tony.luck@intel.com,
	jon.bloomfield@intel.com, sudeep.dutt@intel.com,
	daniel.vetter@intel.com, joonas.lahtinen@linux.intel.com,
	jani.nikula@intel.com, chris.p.wilson@intel.com,
	prathap.kumar.valsan@intel.com, mika.kuoppala@intel.com,
	francesco.balestrieri@intel.com
Subject: [PATCH v4 0/2] Security mitigation for Intel Gen7/7.5 HWs
Date: Thu, 20 Feb 2020 15:00:21 -0800	[thread overview]
Message-ID: <20200220230023.18905-1-akeem.g.abodunrin@intel.com> (raw)

Intel ID: PSIRT-TA-201910-001
CVEID: CVE-2019-14615

Summary of Vulnerability
------------------------
Insufficient control flow in certain data structures for some Intel(R)
Processors with Intel Processor Graphics may allow an unauthenticated
user to potentially enable information disclosure via local access

Products affected:
------------------
Intel CPU’s with Gen7, Gen7.5 and Gen9 Graphics.

Mitigation Summary
------------------
This patch provides mitigation for Gen7 and Gen7.5 hardware only.
Patch for Gen9 devices have been provided and merged to Linux mainline,
and backported to stable kernels.
Note that Gen8 is not impacted due to a previously implemented
workaround.

The mitigation involves submitting a custom EU kernel prior to every
context restore, in order to forcibly clear down residual EU and URB
resources.

The custom CB kernels are generated/assembled automatically, using Mesa
(an open source tool) and IGT GPU tool - assembly sources are provided
with IGT source code.

This security mitigation change does not trigger any known performance
regression. Performance is on par with current mainline/drm-tip.

Note on Address Space Isolation (Full PPGTT)
--------------------------------------------

Isolation of EU kernel assets should be considered complementary to the
existing support for address space isolation (aka Full PPGTT), since
without address space isolation there is minimal value in preventing
leakage between EU contexts. Full PPGTT has long been supported on Gen
Gfx devices since Gen8, and protection against EU residual leakage is a
welcome addition for these newer platforms.

By contrast, Gen7 and Gen7.5 device introduced Full PPGTT support only
as a hardware development feature for anticipated Gen8 productization.
Support was never intended for, or provided to the Linux kernels for
these platforms. Recent work (still ongoing) to the mainline kernel is
retroactively providing this support, but due to the level of complexity
it is not practical to attempt to backport this to earlier stable
kernels. Since without Full PPGTT, EU residuals protection has
questionable benefit, *there are no plans to provide stable kernel
backports for this patch series.*

Mika Kuoppala (1):
  drm/i915: Add mechanism to submit a context WA on ring submission

Prathap Kumar Valsan (1):
  drm/i915/gen7: Clear all EU/L3 residual contexts

 drivers/gpu/drm/i915/Makefile                 |   1 +
 drivers/gpu/drm/i915/gt/gen7_renderclear.c    | 402 ++++++++++++++++++
 drivers/gpu/drm/i915/gt/gen7_renderclear.h    |  15 +
 drivers/gpu/drm/i915/gt/hsw_clear_kernel.c    |  61 +++
 drivers/gpu/drm/i915/gt/intel_gpu_commands.h  |  17 +-
 .../gpu/drm/i915/gt/intel_ring_submission.c   | 135 +++++-
 drivers/gpu/drm/i915/gt/ivb_clear_kernel.c    |  61 +++
 7 files changed, 685 insertions(+), 7 deletions(-)
 create mode 100644 drivers/gpu/drm/i915/gt/gen7_renderclear.c
 create mode 100644 drivers/gpu/drm/i915/gt/gen7_renderclear.h
 create mode 100644 drivers/gpu/drm/i915/gt/hsw_clear_kernel.c
 create mode 100644 drivers/gpu/drm/i915/gt/ivb_clear_kernel.c

-- 
2.20.1

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel